{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2025-2365","assignerOrgId":"1af790b2-7ee1-4545-860a-a788eba489b5","state":"PUBLISHED","assignerShortName":"VulDB","dateReserved":"2025-03-16T12:14:19.568Z","datePublished":"2025-03-17T06:31:04.154Z","dateUpdated":"2025-03-17T14:41:38.830Z"},"containers":{"cna":{"providerMetadata":{"orgId":"1af790b2-7ee1-4545-860a-a788eba489b5","shortName":"VulDB","dateUpdated":"2025-03-17T06:31:04.154Z"},"title":"crmeb_java WeChatMessageController.java webHook xml external entity reference","problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-611","lang":"en","description":"XML External Entity Reference"}]},{"descriptions":[{"type":"CWE","cweId":"CWE-610","lang":"en","description":"Externally Controlled Reference"}]}],"affected":[{"vendor":"n/a","product":"crmeb_java","versions":[{"version":"1.3.0","status":"affected"},{"version":"1.3.1","status":"affected"},{"version":"1.3.2","status":"affected"},{"version":"1.3.3","status":"affected"},{"version":"1.3.4","status":"affected"}]}],"descriptions":[{"lang":"en","value":"A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has been disclosed to the public and may be used."},{"lang":"de","value":"Eine problematische Schwachstelle wurde in crmeb_java bis 1.3.4 entdeckt. Hierbei geht es um die Funktion webHook der Datei WeChatMessageController.java. Durch Manipulation mit unbekannten Daten kann eine xml external entity reference-Schwachstelle ausgenutzt werden. Umgesetzt werden kann der Angriff über das Netzwerk. Der Exploit steht zur öffentlichen Verfügung."}],"metrics":[{"cvssV4_0":{"version":"4.0","baseScore":5.3,"vectorString":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N","baseSeverity":"MEDIUM"}},{"cvssV3_1":{"version":"3.1","baseScore":6.3,"vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV3_0":{"version":"3.0","baseScore":6.3,"vectorString":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L","baseSeverity":"MEDIUM"}},{"cvssV2_0":{"version":"2.0","baseScore":6.5,"vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P"}}],"timeline":[{"time":"2025-03-16T00:00:00.000Z","lang":"en","value":"Advisory disclosed"},{"time":"2025-03-16T01:00:00.000Z","lang":"en","value":"VulDB entry created"},{"time":"2025-03-16T13:19:30.000Z","lang":"en","value":"VulDB entry last update"}],"credits":[{"lang":"en","value":"jmx0hxq (VulDB User)","type":"reporter"}],"references":[{"url":"https://vuldb.com/?id.299864","name":"VDB-299864 | crmeb_java WeChatMessageController.java webHook xml external entity reference","tags":["vdb-entry","technical-description"]},{"url":"https://vuldb.com/?ctiid.299864","name":"VDB-299864 | CTI Indicators (IOB, IOC, IOA)","tags":["signature","permissions-required"]},{"url":"https://vuldb.com/?submit.513285","name":"Submit #513285 | https://www.crmeb.com/ CRMEB_Java E-commerce System 1.3.4 XML External Entity Injection","tags":["third-party-advisory"]},{"url":"https://github.com/jmx0hxq/Vulnerability-learning/blob/main/crmeb-java-xxe1.md","tags":["exploit"]}]},"adp":[{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-03-17T14:41:29.091192Z","id":"CVE-2025-2365","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-03-17T14:41:38.830Z"}}]}}